CVE-2017-10804
Published Jul 4, 2017
Last updated 7 years ago
Overview
- Description: In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. This occurs because Psycopg 2.x before 2.6.3 is used.
- Source: cve@mitre.org
- NVD status: Analyzed
Risk scores
CVSS 3.0
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
CVSS 2.0
- Type: Primary
- Base score: 7.5
- Impact score: 6.4
- Exploitability score: 10
- Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov: CWE-306
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:odoo:odoo:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D140CBF-E659-4E87-8FEE-F19CD2E6B947" },
          { "criteria": "cpe:2.3:a:odoo:odoo:9.0:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "C3F9E8F1-FAF7-44AE-8D05-BE717D247EDE" },
          { "criteria": "cpe:2.3:a:odoo:odoo:9.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "167C709E-C8B2-4CCB-963E-E1D8C664190A" },
          { "criteria": "cpe:2.3:a:odoo:odoo:10.0:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "C52F2EEB-11E5-49E8-AD06-3014FF2C2D24" },
          { "criteria": "cpe:2.3:a:odoo:odoo:10.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "A4405E54-6C16-49D5-B632-3D72091B2FEB" }
        ],
        "operator": "OR"
      }
    ]
  }
]